Direct Access problem - HTTP 404 error since installing new certificate RRS feed

  • Question

  • Hello all,

    I have taken over at a school that uses Direct Access. The previous IT Manager used free 90 day certificates which expired on Direct Access stopping it working. I purchased a domain wildcard and (believe) I have installed it correctly. It was difficult for me as the server is running core edition so I had to import and bind with Powershell which I haven't done before.

    As soon as I did the bind, I could see the certificate looked good where as before it was expired however on refresh, a not found http 404 error is shown instead of the usual IIS landing page.

    I used an SSL Checker site which shows everything is ok with the certificate. I wonder if this is because I have gone form a specific certificate aquired for that address, i.e a certificate created for to a * wildcard. Do I need to change some settings in Direct Access?

    One thing I did also notice that may be relevant is that if I use MMC to connect to the personal certificate store of the server, I don't see my new 2 year certificate in there where as I can see the old ones. I imported to the personal 'MY' store.

    Any help would be really appreciated.

    Many Thanks


    Monday, February 17, 2020 9:01 AM

All replies

  • I'm not expert, so not 100% sure how to help.  I have no experience working with server core.  I'm a GUI kind of guy!

    Having said that, I've built a DA server and we also use a Wildcard certificate for the IP-HTTPS traffic.  When I updated our wildcard certificate recently, I did the following:

    (1)  ran MMC and added the Certificates plugin running in the Computer (not Personal user account) context, then Imported the certificate.

    (2)  run the Direct Access configuration wizard and selected the wildcard certificate -- this is in Step 2, Network Adapters, "Select the certificate used to authenticate IP-HTTPS connections"

    (3)  published the new configuration

    Note that publishing the new config will kick all your clients out and make them re-connect to the server.  Depending on who those clients are, it might be a mild inconvenience or a big issue (meaning you'd want to do this at an appropriate time).

    Again ... I have no idea how to achieve this via Powershell / Server Core ... sorry!

    Tuesday, February 18, 2020 1:43 AM
  • Thanks for the info, much appreciated. Like you, i'm a GUI man. I tried converting the Core edition to GUI but that didn't work. I have spent so long trying to resolve this with powershell/mmc and posting multiple questions in multiple forums that in the end, I just had to draw a line on it and use a third party VPN. 

    Monday, February 24, 2020 3:08 PM